If you use Google Docs, you need to be aware of a new phishing attack. Hackers are creating web pages that appear to be the well-known Google Doc form. These scammers are sending out links to what looks like a Google Doc. However, before you can access the Doc, you are asked to log in to Google. This log-in is fake and, if you fill in your Google User Name and Password, you will have been phished. Hackers will have your information and will be able to access your account. If your Google account is part of a company Google account, these evil-doers may be able to access others in your company. Remember, always be leery of any log-in window which appears when you are already logged in to a site, including Google.

For full details of this phishing attempt, please read the Avanan article found HERE.

---

Microsoft has released a security alert regarding the following malicious email:

Should you receive this email, immediately delete it. DO NOT CLICK ON ANY LINKS. This email can install a very malicious software program which can compromise your entire computer and/or network.

To read full details about this fake email, click HERE.

---

This week, the FBI issued a special warning for people who are job hunting. Cyber criminals are using fake job listings in an attempt to steal PII (Personally Identifiable Information). Since these scammers ask the same type of questions as legitimate employers, it is often difficult to spot a fake job offer.

If you are job hunting or know someone who is, I strongly urge you (or them) to read the FBI alert. There are two sections in particular that are important: 1) “Some indications of this scam may include:” and 2) “How to Protect Yourself.”

You can read this important FBI alert HERE.

Yesterday, a Joint Cybersecurity Advisory was issued regarding the compromise of a Florida Water Treatment plant. (See an article regarding the hack HERE.) The report was co-authored by the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the Environmental Protection Agency (EPA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC). In the report, two primary reasons for the hack were covered. 1) A computer running Windows 7 was in operation. Note: support for Windows 7 ended more than a year ago. You should not be using a Windows 7 machine on the Internet. If you are, please call us to discuss options. 2) The desktop sharing app, TeamViewer was being used and the hacker gained entrance through it. While TeamViewer is a legitimate app, precautions need to be taken if you are using it. These precautions are listed in the Advisory. You should take the time to read the very interesting document. You’ll find the PDF version of it HERE.

---

The US-Cert has released the following: The Federal Trade Commission (FTC) has released information on scammers attempting to impersonate the FTC. The scammers operate an FTC-spoofed website that claims to provide instant cash payments and tries to trick consumers into disclosing their financial information. The real FTC does not require such information and scammers can use this information to steal consumers’ money and identities.

Beware of emails claiming to be from the FTC especially those that use the agency title “US Trading Commission.” You can read the full FTC informational post here: Scam “US Trading Commission” website is not the FTC | FTC Consumer Information.

---

In the January updates for Android, Google released a critical update for Android phones. If you use one, you should immediately make sure your operating system is up-to-date. Not sure how to do that? Check out this page: Learn when you’ll get Android updates on Google Pixel phones and Nexus devices – Pixel Phone Help and this page: Get help from your device manufacturer and mobile operator – Android Help (google.com). While you’re at it, make sure all your Google Play Store apps are updated, as well.

---

If you use devices in your home using voice or video, the FBI has a warning for you. These devices are being used for swatting. Swatting is a term used to describe a hoax call made to emergency services. Hackers are gaining access to people’s smart devices primarily through stolen email passwords which are often also used for these items. If you use a Ring doorbell/video camera (or similar) or Google Home, Amazon Alexa, etc., I strongly urge you to read the entire FBI warning found HERE.

---

The FBI issued a warning relating to Virtual Kidnapping Extortion Calls. Although the warning came from the Phoenix, AZ office, this is an important warning for all Americans. As the FBI mentions in their notice, “victims are getting calls from criminals claiming to have kidnapped their loved ones and threatening to harm them unless a ransom is paid.” Only thing is, no one has been kidnapped. The scammers attempt to get you to send them money before you can verify that the person hasn’t actually been kidnapped. (This is a combination of two of the three bases for Social Engineering scams – using fear and relying on your willingness to help others. Here is what the FBI suggests you should look for:

• Calls are usually made from an outside area code
• May involve multiple phone calls
• Calls do not come from the kidnapped victim’s phone
• Callers go to great lengths to keep you on the phone
• Callers prevent you from calling or locating the “kidnapped” victim
• Ransom money is only accepted via wire transfer service

Read the entire FBI warning HERE.

The Better Business Bureau has issued a warning to those who use Zoom and/or Microsoft Teams regarding phishing attacks. Here is their warning:

“There are new Zoom (and Microsoft Teams) phishing attacks you need to watch out for. The Better Business Bureau has three great tips.

“Out of the blue, you receive an email, text, or social media message that includes Zoom’s logo and a message saying something like, ‘Your Zoom account has been suspended. Click here to reactivate.’ or ‘You missed a meeting, click here to see the details and reschedule,’”

“You might even receive a message welcoming you to the platform and requesting you click on a link to activate your account”. the BBB warned:

• “Double check the sender’s information. Zoom.com and Zoom.us are the only official domains for Zoom. If an email comes from a similar looking domain that doesn’t quite match the official domain name, it’s probably a scam.
• “Never click on links in unsolicited emails. Phishing scams always involve getting an unsuspecting individual to click on a link or file sent in an email that will download dangerous malware onto their computer. If you get an unsolicited email and you aren’t sure who it really came from, never click on any links, files, or images it may contain.
• “Resolve issues directly. If you receive an email stating there is a problem with your account and you aren’t sure if it is legitimate, contact the company directly. Go to the official website by typing the name in your browser and find the ‘Contact Support’ feature to get help.”

Remember: Think Before You Click.” It is more important than ever these days.”

---

Google Chrome has a security update released today – Chrome version 87.0.4280.88 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. Although Chrome is good about automatically updating, you might want to update the browser manually, as soon as possible. Not sure how to do that? You’ll find directions in our YouTube video, “How To Check For Updates In Any Browser.” Just click HERE.

---

The FBI, TBI and U.S. Secret Service have issued a special warning about a rise in money mule schemes. Although the warning is specifically for people living in Middle and West Tennessee, these threats are everywhere and all computer users need to be aware of them and learn: the signs; how to protect yourself; and how to respond.

I strongly urge everyone to read the this warning which was released yesterday by the FBI. Click on this button to read it now.

---

While many people are hoping for and really needing a second stimulus check of $1200, that is not currently a reality. However, scammers are sending text messages to phones with this wording (or something similar):

“You have received a direct deposit of $1,200 from COVID-19 TREAS FUND. Further action is required to accept this payment into your account. Continue here to accept this payment …”

Of course, if you continue from the text, you are directed to a phishing site and you’re asked for personal information to verify that you should receive the $1200.

Should you receive this text, the IRS is asking you to take a screenshot then email it to phishing@irs.gov. They are also asking you to include the date and time you received the text, the number it came from and the number that received it (i.e., your cell phone number).

---

Hackers/scammers are at it again in Facebook. They have been sending emails telling FB users that their is a copyright violation. As is often the case, the bad guys employ the Social Engineering format of FEAR in an attempt to get you to respond. They warn you that, if you don’t respond, your Facebook account will be locked/deleted. Despite the fact that these emails look legitimate and the fact that copyright violations are serious matters, these emails are fake. Don’t click, don’t respond!